Embodiments of the disclosed systems and methods provide for the management of the distribution and licensing of content using trusted ledgers and digital rights management techniques. In various embodiments, content creators and/or producers may reach agreements with service providers embodied as digital contracts with associated information recorded on trusted ledgers. Content parameter information included in these digital contracts may be leveraged by digital rights management services to ensure that conditions associated with the use and/or playback of content set by a content creator and/or producers are respected as a condition of license issuance. In this manner, digital rights management services may utilize trusted ledgers to ensure that content creator and/or producer rights are respected.

Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom. The first application invokes a second application to decrypt the license using at least one of the one or more cryptographic session keys, and further invokes the second application to decrypt the content decryption key using at least one of the one or more cryptographic session keys or one or more keys derived therefrom, and to decrypt a piece of content using the content decryption key. The first application then provides access to the decrypted piece of content in accordance with the license.

Systems and methods for sharing content between devices are disclosed. To request a shared piece of media content, a playback device generates and sends a request to content server. The playback device includes information in the request that indicates the playback capabilities of the device. The content server receives the request and determines the playback capabilities of the playback device from the information in the request. The content server then determines the assets that may be used by the playback device to obtain the media content and generates a top level index file for the playback device that includes information about the determined assets. The top level index file is then sent to the playback device that may then use the top level index file to obtain the media content using the indicated assets.

An information processing method for a server apparatus controlling access based on a role of a user and a scope as authority held by an authorization token for realizing a unified license management structure that does not reduce an overall performance of a cloud service even if a plurality of services collaborate with the cloud service.

Various embodiments include a method for binding a secure software application to a mobile device wherein the mobile device includes a processor and a subscriber identity module (SIM) card, including transmitting, by the processor, an authentication challenge to the SIM card; receiving an authentication response from the SIM card; verifying the authentication response from the SIM card; and enabling the secure software application when the authentication response from the SIM card is verified.

The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing, and/or printing of electronic data files.

A method includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object. The access control management system receives, from a second client device, a request for the information. The access control management system verifies that a user of the second client device is identified in the received information. The access control management system selects an identity provider, based on a user identifier included in the received information, the user identifier associated with the user of the second client device. The access control management system requests from the selected identity provider, authentication of the user of the second client device. The access control management system sends, to the second client device, the received information. The access control management system stores an identification of at least one of the second client device and the received request for the information.

A gateway interconnecting a high speed Wide Area Network (WAN) and a lower speed Wireless Local Area Network (WLAN) is provided. The high speed WAN is preferably connected to the gateway via a Fiber-to-the Home (FTTH) connection and associated FTTH modem. In general, the gateway includes an adaptable cross-layer offload engine operating to manage bandwidth between the high speed WAN and the lower speed WLAN. As data enters the gateway from the WAN at the high speed data rate of the WAN, the offload engine stores the data in a non-secure data cache. A rule check engine performs a stateless or stateful inspection of the data in the non-secure data cache. Thereafter, the data is moved from the non-secure data cache to a secure data cache and thereafter transmitted to an appropriate user device in the WLAN at the lower data rate of the WLAN.

In embodiments, the disclosure provides a method for managing content, including providing an electronic discovery facility of a secure data exchange environment, wherein at least one of a plurality of users of a first entity utilizes a network-based content storage service of a second entity to store content, and wherein the storage and access of the content with the network-based content storage service is tracked by the electronic discovery facility. The method includes receiving, at the electronic discovery facility, a discovery request, the discovery request comprising a request for a legal counsel of a third entity to access content stored on the network-based content storage service, the discovery request being, for example, in association with a litigation discovery action in relation to the first entity. Further, the method includes identifying and securing, by the electronic discovery facility and as a result of the discovery request, at least one item of content on the network-based content storage service; and providing, by the electronic discovery facility of the secure data exchange environment, access to the identified and secured item of content stored on network-based content storage service to the legal counsel of the third entity.

Media files are often tagged, such as by XML or other tagging paradigms, in order to indicate aspects of certain portions of the media file. Disclosed herein, security policy tagging is provided that supports a logically nested or hierarchical structure. Tags may be time- and/or event-altered, such as when a user who is denied access at one point in time may be granted access at a later point in time. The need to amend the security policy based upon the passage of time is reduced or eliminated as portions, or sub-portions, of a media file that may be selectively tagged with security tags may be presented or downloaded based upon the security policy. The a security policy may incorporate rules that change permissions upon the passage of time or the occurrence of an event, without requiring the modification of the presentation, the security tags of the presentation portion, or the security tag associated with a parent portion of the presentation or the presentation itself.